I believe there are legitimate purposes for the cloud such as
collaboration with many different parties. But I don't consider the
cloud to be the solution for everything.
I recently worked for an Information Security Officer. I can say that
ISO community has concerns with the cloud whether they are using one
of the big boys or even small firms. Every system can be hacked
unless it is totally isolated. Google, Amazon and others have some of
the best security in the world but that doesn't mean they are immune.
To PKs note about breaches - I am betting we are only aware of a few
of them; both the cloud provider and business affected don't want to
publicize an event. It is bad for business.
And yes due diligence is important. But just as critical is what you
are using the services for. An organization really needs to consider
what type of data and records they want to store with the provider
(e.g. PII, PHI and confidential corporate.). If possible include in
your T&Cs who is responsible for what in case a breach does occur. And
whether you are maintaining the data/records in-house or with a cloud
provider consider purchasing insurance.
Just my thoughts on a windy and cloudy day in Philly...
Bruce White, CRM, PMP
Radnor, PA
e-mail: [log in to unmask]
LinkedIn: http://www.linkedin.com/in/bblanco
"Life is like riding a bicycle. To keep your
balance you must keep moving." -- Albert Einstein
On Wed, May 13, 2015 at 11:03 AM, Jesse Wilkins <[log in to unmask]> wrote:
> Of all the issues associated with cloud, I'd consider third-party hacking
> to be the least likely, at least for the major cloud providers, for a
> couple of reasons. First, most hacking isn't done by third parties, but
> rather comes from disgruntled employees or former employees inside the
> firewall. Having a cloud provider actually eliminates that to great extent
> because it's not your employees, and the robust disaster recovery and
> continuity measures present at most cloud providers' data centers would
> cover a disgruntled cloud employee's attempts to sabotage.
>
> Second, those providers are huge, gigantic, ginormous targets for everyone
> from "script kiddies" to serious black-hat hackers to state entities. The
> fact that Amazon, Microsoft, Google, etc. do *not* get hacked on a regular
> basis is testament to the importance they assign to security. And in fact
> most of them hire the best and brightest hackers they can find and
> incentivize them to hack their security such that sophisticated penetration
> testing happens on a very frequent if not ongoing basis.
>
> I'd argue in fact that the large cloud providers have better security than
> all but the largest and most sophisticated organizations. No matter how
> good your IT team is, they are probably not equal to the resources a
> Microsoft or Amazon or whomever can bring to bear in terms of security
> design and testing.
>
> There are other issues associated with cloud, some of which have already
> been addressed in this thread. But to me, your primary concern with cloud
> would be in doing due diligence. Just as you wouldn't hire Jesse's Bait
> Shop & Records Storage for your physical records, you probably shouldn't
> hire Jesse's Bait Shop & Cloud Storage for your cloud storage needs. But if
> you go with a major provider, who does things the right way, you can have
> every bit as much confidence in them as you would with onsite data centers
> - and in fact more because if your data center goes down, you're out of
> luck. The major cloud providers just don't go down.
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|
